SAML SSO Login issue with Enterprise 11.3

ready4GIS

Hi all,

We've just installed Enterprise 11.3, everything is working fine, except getting an error when trying to log in using Azure AD/SAML authentication, which had previously worked fine.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'xyz.xyz.xyz.portal'.

Using Chrome Dev tools, I can see the reply-url being passed is

/portal/home/accountswitcher-callback.html

However the only reply-url we have set up, and that I can find a documented reference to is:

/portal/sharing/rest/oauth2/saml/signin

Its Login invoked from Portal itself. We want to configure SSO into the portal with organization SAML.

David_McRitchie

Usually these issues come up from the configuration on the SSO side of things.

Depending how you are doing SSO it might be worth checking tutorials for your provider and comparing this against your SSO configuration. For example if you're using Microsoft Entra SSO then the following tutorial might highlight if there is something wrong with the SSO setup.

The reply URL /portal/sharing/rest/oauth2/saml/signin should be correct. I would also expect to see /portal/home/accountswitcher-callback.html appear in the network traffic on the Chrome Dev console. Are these URLs definitely being used in the SSO configuration?

Hope that helps,

Esri UK -Technical Support Analyst